Zone switching method in a broadband wireless access system having regard to security association and device for same

ABSTRACT

The present invention relates to a wireless access system, and more particularly, to a method for supporting security during a handover performance through a zone switch and to a device performing same. According to one embodiment of the present invention, switching a zone by a terminal in a broadband wireless access system comprises the following steps: creating at least one service flow in a first zone that supports the legacy mode of a base station; receiving at the base station a first message, which indicates a zone switch to a second zone that supports an advanced mode; and performing the zone switch, wherein performing the zone switch may further comprise a step for receiving from the second zone a second message, which includes security association information that indicates the security association applied to at least one service flow in the second zone.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is the National Stage filing under 35 U.S.C. 371 ofInternational Application No. PCT/KR2011/001766, filed on Mar. 14, 2011,which claims the benefit of earlier filing date and right of priority toKorean Patent Application No. 10-2011-0022321, filed on Mar. 14, 2011,and also claims the benefit of U.S. Provisional Application Ser. No.61/313,637, filed on Mar. 12, 2010, the contents of which are all herebyincorporated by reference herein in their entirety.

TECHNICAL FIELD

The present invention relates to a radio access system, and moreparticularly, to a method and apparatus for supporting security uponhandover through zone switching.

BACKGROUND ART

Handover (HO) indicates that a mobile station (MS) moves from an airinterface of one base station to an air interface of another basestation. Hereinafter, a handover procedure of a general IEEE 802.16system will be described.

In an IEEE 802.16 network, a serving base station (SBS) may broadcastneighboring base station information through a neighboring advertisement(MOB_NBR-ADV) message in order to inform a mobile station (MS) ofinformation (topology) about a basic network configuration.

The MOB_NBR-ADV message includes system information of a serving basestation and neighboring base stations, for example, preamble indexes,frequencies, HO optimization degrees, downlink channel descriptor(DCD)/uplink channel descriptor (UCD) information, etc.

DCD/UCD information includes information necessary to enable an MS toperform information exchange in downlink and uplink. For example,DCD/UCD information includes HO trigger information, information about amedium access control (MAC) version of a base station, media independenthandover (MIH) capability information, etc.

A general MOB_NBR-ADV message includes only information aboutneighboring base stations of an IEEE 802.16e type. Information aboutbase stations of the types other than an IEEE 802.16e type may bebroadcast to MSs through a service identity information advertisement(SII-ADV) message. Accordingly, an MS may request an SBS to transmit theSII-ADV message so as to acquire information about base stations ofheterogeneous networks.

A procedure for performing handover by an MS, which acquires informationabout neighboring base stations using the above-described method, in anIEEE 802.16 network will be described in greater detail.

FIG. 1 is a diagram showing an example of a handover procedure which maybe performed in an IEEE 802.16 system.

Referring to FIG. 1, first, a mobile station (MS) may access a servingbase station (SBS) so as to perform data exchange (S101).

The SBS may periodically broadcast information about neighboring basestations (BSs) thereof to the MS through an MOB_NBR-ADV message (S102).

The MS may begin to scan candidate HO BSs using an HO trigger conditionwhile communicating with the SBS. The MS may transmit a handover request(MOB_MSHO-REQ) message so as to request the SBS to perform a handoverprocedure if a handover condition exceeds, for example, a predeterminedhysteresis margin value (S103).

The SBS may inform candidate HO BSs included in the MOB_MSHO-REQ messageof the handover request from the MS through an HO-REQ message (S104).

The candidate HO BSs may take precautions for the MS which requestshandover and transmit information associated with handover to the SBSthrough an HO-RSP message (S105).

The SBS may transmit information associated with handover acquired fromthe candidate HO BSs through the HO-RSP message to the MS through ahandover response (MOB_BSHO-RSP) message. The MOB_BSHO-RSP message mayinclude information for performing handover, such as an action time forperforming handover, a handover identifier (HO-ID) and a dedicated HOCDMA ranging code (S106).

The MS may determine one target BS among the candidate HO BSs based oninformation included in the MOB_BSHO-RSP message received from the SBS.Then, the MS may attempt to perform ranging by transmitting CDMA code tothe determined target BS (S107).

The target BS which receives the CDMA code may transmit information asto whether or not ranging is successfully performed and physicalcorrection values to the MS through a ranging response (RNG-RSP) message(S108).

Next, the MS may transmit a ranging request (RNG-REQ) message forauthentication to the target BS (S109).

The target BS which receives the ranging request message of the MS mayprovide system information available to the BS, such as a connectionidentifier (CID), to the MS through a ranging response message (S110).

If the target BS successfully completes authentication of the MS andsends all update information, the target BS may inform the SBS of the MSthat handover is successfully performed through a handover completion(HO-CMPT) message (S111).

Thereafter, the MS may exchange information with the target BS whichperforms handover (S112).

The above-described handover procedure is performed between the MS andthe BS which follow the IEEE 802.16e standard (WirelessMAN-OFDMA R1Reference System). Hereinafter, in the present specification, forconvenience, a system to which a general technology including the IEEE802.16e standard is applied is referred to as a “legacy system”. An MSto which the legacy technology is applied is referred to as a“WirelessMAN-OFDMA R1 Reference MS”, an “YMS (Yardstick MS)” or a“legacy MS”, and a BS to which the legacy technology is applied isreferred to as a “legacy BS”, a “R1 BS”, a “WirelessMAN-OFDMA R1Reference BS” or an “YBS (Yardstick BS)”.

An MS to which an advanced technology including the IEEE 802.16mstandard (WirelessMAN-OFDMA Advanced System) is applied is referred toas an “advanced MS” or an “AMS”, and a BS to which the advancedtechnology is applied is referred to as an “advanced BS” or an “ABS”. Inaddition, an operation mode of an MS or a BS to which the advancedtechnology is applied is referred to as an “advanced mode”.

It is assumed that an AMS accesses a YBS so as to receive a service fromthe YBS and an ABS (WirelessMAN-OFDMA R1 ReferenceSystem/WirelessMAN-OFDMA Advanced co-existing system) supporting both anAMS and a YMS exists adjacent to the YBS.

The YBS has only a legacy zone (LZone) having a physical channel framestructure applied to a legacy system. It is assumed that an ABS has onlyan advanced MS support zone (MZone: 16 M zone) having a physical channelframe structure applied to an advanced system if only an AMS issupported (WirelessMAN-OFDMA advanced system only). An ABS(WirelessMAN-OFDMA Reference System/WirelessMAN-OFDMA Advancedco-existing System legacy supportive) which supports both an AMS and anYMS has both a legacy zone (LZone) and an advanced MS support zone(MZone), which are divided in time units, for example, is divided usingtime division duplex (TDD) in frame units or subframe units, in uplinkand downlink.

It is assumed that the AMS may receive services from both the ABS andthe YBS. That is, it is assumed that the AMS may receive a servicethrough any one of the new MS support zone and the legacy zone and mayperform both a handover procedure defined in the legacy system and ahandover procedure defined in the advanced system.

Generally, in order to perform handover from a serving YBS to an ABSsupporting both an AMS and a YMS, the AMS may enter a legacy zone of theABS and continue to receive a service in the legacy zone or perform zoneswitching to an advanced MS support zone. In addition, the AMS mayperform handover by immediately performing zone switching to an advancedMS support zone without entering the legacy zone of the ABS.

Zone switching will now be described in detail. Zone switching refers toa procedure of enabling an AMS which operates in an LZone to operate ina resource region of an MZone in the case in which there are an LZoneand an MZone divided using a TDD scheme in one carrier. That is, an IEEE802.16e MAC operation is switched to an IEEE802.16m MAC operation. Zoneswitching includes movement of an AMS from an MZone to an LZone.

However, in order to guarantee service continuity when zone switching isperformed, context mapping of a service flow identifier and mapping of asecurity association identifier (SAID) should be performed. In a generalIEEE 802.16e/m system, context mapping of a service flow identifier maybe automatically performed such that a first transport connection ID(CID) is mapped to a flow identifier (FID) in ascending order. However,since the type of a security association identifier (SAID) defined inthe standard of the MZone and the type of an SAID defined in thestandard of the LZone are different, the SAID may not be automaticallymapped.

Accordingly, it is necessary to define a method of enabling a BS toinform an MS of how an SAID is mapped to a service flow identifier uponzone switching and to define a mapping rule of an SAID.

DISCLOSURE Technical Problem

An object of the present invention is to provide a method of decidingsecurity association to be applied to each service flow in a switchedzone upon zone switching of a mobile station (MS).

The technical problems solved by the present invention are not limitedto the above technical problems and other technical problems which arenot described herein will become apparent to those skilled in the artfrom the following description.

Technical Solution

The object of the present invention can be achieved by providing amethod of performing zone switching at a mobile station (MS) in abroadband radio access system, the method including generating at leastone service flow in a first zone supporting a legacy mode of a basestation (BS), receiving a first message indicating zone switching to asecond zone supporting an advanced mode at the BS from the first zone,and performing zone switching, wherein the performing zone switchingincludes receiving, from the second zone, a second message includingsecurity association (SA) information indicating SA applied to the atleast one service flow in the second zone.

At this time, with respect to each of the at least one service flow, anyone of an SAID 0 with null SA and an SAID 1 for protectingconfidentiality and integrity may be applied in the legacy mode, and anyone of the SAID 0, the SAID 1 and an SAID 2 for protectingconfidentiality may be applied in the advanced mode.

The SA information may include a bitmap indicating to which of the atleast one service flow the SAID 2 is applied.

The method may further include applying SA to the at least one serviceflow according to the SA information and a predetermined SA mapping ruleso as to perform data exchange with the second zone, and thepredetermined SA mapping rule may set mapping of the SAID 0 or the SAID1 in the second zone in consideration of at least one of SA in the firstzone of the at least one service flow, management connection or unicastconnection.

In another aspect of the present invention, there is provided a methodof supporting zone switching of a mobile station (MS) at an advancedbase station (ABS) supporting a legacy mode in a broadband radio accesssystem, the method including generating at least one service flow withrespect to the MS in a first zone supporting the legacy mode,transmitting a first message indicating zone switching to a second zonesupporting an advanced mode at the ABS to the MS through the first zone,performing mapping of security association (SA) in the second zone withrespect to the at least one service flow, and transmitting a secondmessage including SA information indicating SA applied to at least oneservice flow in the second zone of the mapping result to the MS throughthe second zone.

At this time, with respect to each of the at least one service flow, anyone of an SAID 0 with null SA and an SAID 1 for protectingconfidentiality and integrity may be applied in the legacy mode, and anyone of the SAID 0, the SAID 1 and an SAID 2 for protectingconfidentiality may be applied in the advanced mode.

The SA information may include a bitmap indicating to which of the atleast one service flow the SAID 2 is applied.

The mapping may be performed in consideration of at least one of SA inthe first zone of the at least one service flow, management connectionor unicast connection.

In another aspect of the present invention, there is provided a mobilestation (MS) for performing zone switching in a broadband radio accesssystem, the MS including a processor, and a radio frequency (RF) moduleconfigured to transmit and receive an RF signal to and from an externaldevice under control of the processor, wherein, if a first messageindicating zone switching to a second zone supporting an advanced modeat a base station (BS) is received from a first zone after at least oneservice flow is generated in the first region supporting a legacy modeof the BS, the processor receives, from the second zone, a secondmessage including security association (SA) information indicatingsecurity association applied to the at least one service flow in thesecond zone so as to perform zone switching.

At this time, with respect to each of the at least one service flow, anyone of an SAID 0 with null SA and an SAID 1 for protectingconfidentiality and integrity may be applied in the legacy mode, and anyone of the SAID 0, the SAID 1 and an SAID 2 for protectingconfidentiality may be applied in the advanced mode.

The SA information may include a bitmap indicating to which of the atleast one service flow the SAID 2 is applied.

The processor may apply SA to the at least one service flow according tothe SA information and a predetermined SA mapping rule so as to performdata exchange with the second zone, and the predetermined SA mappingrule may set mapping of the SAID 0 or the SAID 1 in the second zone inconsideration of at least one of SA in the first zone of the at leastone service flow, management connection or unicast connection.

The first zone may be an LZone and the second zone may be an MZone, thefirst message may be a unsolicited ranging response (RNG-RSP) messagetransmitted from the LZone, and the second message may be a rangingresponse (AAI-RNG-RSP) message transmitted from the MZone.

Advantageous Effects

According to the embodiments of the present invention, the followingeffects are obtained.

First, according to the embodiments of the present invention, a mobilestation (MS) can efficiently perform zone switching.

Second, according to the embodiments of the present invention, it ispossible to define a method of deciding security association to beapplied to each service flow in a switched zone upon zone switching ofan MS.

The effects of the present invention are not limited to theabove-described effects and other effects which are not described hereinwill become apparent to those skilled in the art from the followingdescription.

DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram showing an example of a handover procedure which maybe performed in an IEEE 802.16e system.

FIG. 2 is a diagram showing an example of a handover procedure usingzone switching.

FIG. 3 is a diagram showing another example of a handover procedureusing zone switching.

FIG. 4 is a diagram showing a general format of a medium access controlprotocol data unit (MAC PDU) used in an IEEE 802.16m system.

FIG. 5 is a block diagram showing an example of the structure of atransmitter and a receiver according to another embodiment of thepresent invention.

BEST MODE

In order to solve the above problems, the present invention discloses apreferred context mapping method when an advanced mobile station (AMS)performs zone switching.

The following embodiments are proposed by combining constituentcomponents and characteristics of the present invention according to apredetermined format. The individual constituent components orcharacteristics should be considered optional on the condition thatthere is no additional remark. If required, the individual constituentcomponents or characteristics may not be combined with other componentsor characteristics. Also, some constituent components and/orcharacteristics may be combined to implement the embodiments of thepresent invention. The order of operations to be disclosed in theembodiments of the present invention may be changed. Some components orcharacteristics of any embodiment may also be included in otherembodiments, or may be replaced with those of the other embodiments asnecessary.

The embodiments of the present invention are disclosed on the basis of adata communication relationship between a base station and a terminal.In this case, the base station is used as a terminal node of a networkvia which the base station can directly communicate with the mobileterminal. Specific operations to be conducted by the base station in thepresent invention may also be conducted by an upper node of the basestation as necessary.

In other words, it will be obvious to those skilled in the art thatvarious operations for enabling the base station to communicate with theterminal in a network composed of several network nodes including thebase station will be conducted by the base station or other networknodes other than the base station. The term “Base Station (BS)” may bereplaced with the terms fixed station, Node-B, eNode-B (eNB) or accesspoint (AP) as necessary. The term “terminal” may also be replaced withthe terms user equipment (UE), mobile station (MS), mobile subscriberstation (MSS) or subscriber station (SS) as necessary.

The embodiments of the present invention may be implemented by variousparts. For example, the embodiments of the present invention may beimplemented by hardware, firmware, software or a combination thereof.

In the case of implementing the present invention by hardware, thepresent invention can be implemented via application specific integratedcircuits (ASICs), Digital signal processors (DSPs), digital signalprocessing devices (DSPDs), programmable logic devices (PLDs), fieldprogrammable gate arrays (FPGAs), a processor, a controller, amicrocontroller, a microprocessor, etc.

If operations or functions of the present invention are implemented byfirmware or software, the present invention can be implemented in theform of a variety of formats, for example, modules, procedures,functions, etc. For example, the software code may be stored in thememories so that it can be driven by the processors. The memory unitsare located inside or outside the processors, so that they cancommunicate with the aforementioned processors via a variety ofwell-known parts.

The embodiments of the present invention can be supported by thestandard documents disclosed in any one of wireless access systems, suchas an IEEE802 system, A 3^(rd) Generation Partnership Project (3GPP)system, a 3GPP Long Term Evolution (LTE) system, and a 3GPP2 system.That is, the steps or portions, which are not described in order to makethe technical spirit of the present invention clear, may be supported bythe above documents. In addition, all the terms disclosed in the presentdocument may be described by the above standard documents. Inparticular, the embodiments of the present invention may be supported byat least one of P802.16-2004, P802.16e-2005 and P802.16Rev2 documents,which are the standard documents of the IEEE802.16 system.

It should be noted that specific terms disclosed in the presentinvention are proposed for convenience of description and betterunderstanding of the present invention, and the use of these specificterms may be changed to another format within the technical scope orspirit of the present invention.

Hereinafter, zone switching procedures performed before mapping of asecurity association identifier according to the present invention willbe described.

FIG. 2 is a diagram showing an example of a handover procedure throughzone switching.

Referring to FIG. 2, an AMS may begin to scan candidate HO BSs using anHO trigger condition while communicating with a legacy serving BS. TheAMS may transmit a handover request (MOB_MSHO-REQ) message and requestthe serving BS to perform a handover procedure, if a handover conditionexceeds, for example, a predetermined hysteresis margin value (S201).

The serving BS may transmit information associated with handoveracquired from the candidate HO BSs to the AMS through a handoverresponse (MOB_BSHO-RSP) message. The MOB_BSHO-RSP message may includeinformation for performing handover, such as an action time forperforming handover, a handover identifier (HO-ID) and a dedicated HOCDMA ranging code (S202).

The AMS may set a legacy support ABS among candidate HO BSs as a targetBS based on the information included in the MOB_BSHO-RSP messagereceived from the serving BS. Then, the AMS may transmit a handoverindication message to the serving legacy BS (S203).

Thereafter, the AMS transmits a ranging request (RNG-REQ) message to anLZone of the target BS (S204).

At this time, the ranging request message may include MAC versioninformation of the AMS and the value thereof is set to a valuecorresponding to the AMS.

The BS may confirm that the MS which transmits the ranging message is anadvanced MS (AMS) through the information acquired from the previousserving legacy BS or the MAC version information included in the rangingrequest message, and perform zone switching to an MZone.

For zone switching, the target BS transmits a ranging response (RNG-RSP)message including requested information (Zone switch TLV, hereinafter,referred to as “ZS TLV”) to the AMS.

At this time, ZS TLV may include information shown in Table 1.

Table 1 shows an example of ZS TLV information included in the RNG-RSPmessage according to the present invention.

TABLE 1 Type Name (1 byte) Length Value MZone 41 2 preamble index Time42 1 Time offset of the MZone and the offset LZone Zone 44 1 Indicateswhether data exchange switch is performed with the LZone during modezone switching (0 = no data exchange/1 = data exchange) Temporary 46 1Temporary station identifier to be used station in the MZone identifierRanging 47 1 Deadline of temporary station identifier initiationdeadline

Referring to Table 1, ZS TLV may include MZone A-preamble indexinformation, time offset information indicating a boundary (or a ratio)of an LZone and an MZone in a TDD frame structure, zone switch modeinformation indicating whether an MS maintains connection with an LZonein a zone switching procedure, temporary station identifier (STID)information for temporarily identifying an MS in an MZone, ranginginitiation deadline information indicating a deadline of a temporarystation identifier, etc. Although not shown in Table 1, a NONCE_ABSvalue for generating a primary master key (PMK) may be included.

Thereafter, the AMS performs synchronization with the MZone of thetarget ABS using information included in ZS TLV (S206) and requestsuplink resources for transmitting a ranging request (AAI_RNG-REQ)message (BR request for AAI_RNG-REQ) (not shown) in order to performzone switching.

If the requested uplink resources are allocated from the MZone, the AMStransmits a ranging request (AAI_RNG-REQ) message to the MZone (S207).At this time, the value of a ranging purpose indication field of theranging request message is set to a value (e.g., 0b1010) indicating zoneswitching from the LZone to the MZone.

The target ABS transmits a ranging response (AAI_RNG-RSP) message to theAMS in response to the ranging request message transmitted by the AMS(S208).

Thereafter, the AMS may perform normal communication with the target ABSthrough the MZone after completing zone switching to the MZone (S209).

Although the AMS performs zone switching to the MZone without completingnetwork reentry to the LZone of the target BS in the method describedwith reference to FIG. 2, the AMS may perform zone switching to theMZone after completing network reentry to the LZone, which will bedescribed with reference to FIG. 3.

FIG. 3 is a diagram showing another example of a handover procedureusing zone switching.

Steps S301 to S304 of FIG. 3 are similar to step S201 to S204 of FIG. 2and thus a description thereof will be omitted for clarity.

The target BS which receives the RNG-REQ message from the AMS mayconfirm that the MS which transmits the ranging message is an advancedMS (AMS) through the information acquired from the previous servinglegacy BS or the MAC version information included in the ranging requestmessage, and perform zone switching to an MZone. However, the target BSmay delay zone switching of the AMS due to load balancing between theLZone and the MZone.

Then, the target BS transmits a ranging response (RNG-RSP) message whichdoes not include ZS TLV to the AMS (S305) and the AMS may perform normalcommunication after completing network reentry to the LZone of thetarget BS (S306).

Thereafter, if the target BS decides to instruct the AMS to perform zoneswitching to the MZone, the ranging response (RNG-RSP) message includingZS TLV may be transmitted to the AMS through unsolicited LZone (S307).

Then, the AMS performs synchronization with the MZone of the target ABSusing information included in ZS TLV (S308) and requests uplinkresources for transmitting a ranging request (AAI_RNG-REQ) message (BRrequest for AAI_RNG-REQ) (not shown) in order to perform zone switching.

If the requested uplink resources are allocated from the MZone, the AMStransmits a ranging request (AAI_RNG-REQ) message to the MZone (S309).At this time, the value of a ranging purpose indication field of theranging request message is set to a value (e.g., 0b1010) indicating zoneswitching from the LZone to the MZone.

The target ABS transmits a ranging response (AAI_RNG-RSP) message to theAMS in response to the ranging request message transmitted by the AMS(S310).

Thereafter, the AMS may perform normal communication with the target ABSthrough the MZone after completing zone switching to the MZone (S311).

When the AMS performs zone switching from the LZone to the MZone throughthe process described with respect to FIGS. 2 and 3, in order toguarantee service continuity, context mapping of a service flowidentifier and mapping of a security association identifier (SAID)should be performed. Context mapping and security association mappingare particularly of importance when a data path with the LZone isestablished so as to generate a service flow as in step S306 of FIG. 3.The service flow in the LZone may be performed through exchange of adynamic service addition/response (DSA-REQ/RSP) message.

Security association means a set of information required for securitycommunication between a BS and an MS (e.g., provision of a key materialof a unicast transmission/control flow). Security association is sharedbetween a BS and a client MS thereof and is identified using a securityassociation identifier. In general, security association is individuallyapplied to a unicast flow. If security association is mapped to aunicast transmission flow, security association is applied to all dataexchanged in the unicast transmission flow. The same securityassociation is mapped to a plurality of flows, and a receiver may beinformed of information indicating whether a medium access controlprotocol data unit (MAC PDU) is encrypted through MAC headerinformation. The structure of the MAC PDU is shown in FIG. 4.

FIG. 4 is a diagram showing a general format of a medium access controlprotocol data unit (MAC PDU) used in an IEEE 802.16m system.

Referring to FIG. 4, the MAC PDU may include a MAC header, an extendedheader and a payload. At this time, the MAC header is always included inthe MAC PDU and the payload may be optionally included. The extendedheader is not included in the MAC PDU if the payload is not included.

In general, context mapping of a service flow identifier of the LZonemay be automatically performed such that a transport connection ID (CID)is mapped to a flow identifier (FID) in ascending order. However, sincethe type of a security association identifier (SAID) defined in thestandard of the MZone and the type of an SAID defined in the standard ofthe LZone are different, the SAID may not be automatically mapped.

More specifically, an SA mapped to a CID in the LZone includes a null SAand a primary SA. The SAID of the null SA may be set to 0 (SAID=0x00)and the SAID of the primary SA may be set to 1 (SAID=0x01). An advancedencryption standard cipher block chaining mode (AES-CCM) with a cipherblock chaining message authentication code (CBC-MAC) is applied to theprimary SA.

The AES-CCM is an encryption mode obtained by combining a counter forintegrity to a CBC-MAC mode for confidentiality, thereby achievingconfidentiality and integrity. A MAC PDU using the AES-CCM is subjectedto counter type encryption in a state in which a packet number (PN) isprefixed to the payload and an integrity check value (ICV) is postfixedto the payload.

In the SA in the MZone, an SAID 2 (SAID=0x02) is used in addition to theabove-described two SAIDs of the LZone. The SAID 2 indicates an advancedencryption standard counter mode (AES-CTR). In the AES-CRT, dataintegrity of the AES-CCM is excluded and only confidentiality isprotected.

The SAID 1 may be applied to a unicast control/transport flow, the SAID2 may be applied to a transport flow only when a BS and an MS decide togenerate an unprotected transport flow, and the SAID 0 may be applied toan unprotected transport flow.

Accordingly, it is necessary to map the SAID to the service flowidentifier again upon zone switching due to a difference in SA betweenthe MZone and the LZone.

SA Mapping Upon Zone Switching from LZone to MZone

In one embodiment of the present invention, in order to solve theabove-described problems, when the MS performs zone switching from theLZone to the MZone, the BS explicitly informs the MS of informationabout SA mapping through the advanced ranging response (AAI-RNG-RSP)message.

As an example of the rule for mapping an SA mapped to a CID of the LZoneto an SA of the MZone for implementing the present embodiment, themapping rule shown in Table 2 is proposed.

TABLE 2 CIDs in LZone SA in MZone Management Null SA (SAID = 0x00), ifonly security suites with connections “No data encryption, no dataauthentication” is supported Primary SA (SAID = 0x01), otherwise Unicasttransport Primary SA (SAID = 0x01) CID with SA using AES-CCM Unicasttransport Null SA (SAID = 0x00) CID with Null SA Broadcast or Null SA(SAID-0x00) multicast transport CID

Referring to Table 2, the CDI for general management connections in theLZone and the unicast transport CID mapped to the SA with the AES-CCMmay be mapped to the primary SA (SAID=0x01) in the MZone.

In addition, a CID for management connections with security suites with“No data encryption, no data authentication”, a unicast CID with null SAand a broadcast or multicast transport CID in the LZone have null SAeven in the MZone.

In Table 2, the SAID 0 and the SAID 1 are defined, but SAID 2 is notdefined. Information about a service flow mapped to the SAID 2 istransmitted to the MS through a ranging response message. Informationabout the mapping result may be included in the ranging response messagein the form of Table 3.

TABLE 3 Name Value Usage . . . . . . . . . Neighbor station Performneighbor Identifies whether neighbor station measurement stationmeasurement report is required report indicator measurement duringcurrent network entry report if set to “1” Number of 4 Number of serviceflows that updated service require update flows (N SF update) SAIDupdate 16 Bitmap for indicating the specific bitmap service flows thatare being mapped to SAID for AES-CTR . . . . . . . . .

Table 3 shows an example of the format of the SA mapping informationincluded in the ranging response message (AAI-RNG-RSP) in a zoneswitching procedure according to an embodiment of the present invention.

Referring to Table 3, the ranging response message may include a field(N_SF_update) indicating the number of updated service flows in the zoneswitching procedure and an SAID update bitmap field indicating a serviceflow mapped to an SAID for AES-CTR in the form of a bitmap. That is,information indicating whether service flows corresponding in number tothe number indicated by the N_SF_update field are sequentially mapped tothe SAID for AES-CTR may be indicated through the SAID update bitmapfield.

The format of the ranging response message (AAI-RNG-RSP) including SAIDmapping information is shown in Table 4.

TABLE 4 Size Field (bits) Value/Description Condition . . . . . . . . .. . . SAID 16 Bitmap for indicating Shall be included if specific updatethe specific FID(s) FDI(s) are to be remapped bitmap that are beingupdated to SAID of AES-CTR in to SAID of AES-CTR case of zone switchfrom LZone to MZone. For (i = 0; N_SFIDs is number Present if CID to FIDi < N_SFIDs; of SFIDs supported in mapping is done through i++){ MZonewhen an AMS the AAI-RNG-RSP performs zone message during zone switchingfrom LZone switching operation. If this to MZone. Its maximal field isnot present, all number is 24. FIDs for the transport connection shouldbe reestablished through the AAI-DSA exchanges after completion ofnetwork reentry in MZone Service 32 FID in MZone should flow be assignedper each identifier DL/UL connection (SFID) }

Table 4 shows another example of the format of the ranging responsemessage (AAI-RNG-RSP) including SAIP mapping information in a zoneswitching procedure according to an embodiment of the present invention.

Referring to Table 4, a SAID update bitmap field indicating a serviceflow mapped to an SAID of AES-CTR and a service flow identifier (SFID)field indicating a flow identifier (FID) allocated upon completing CIDmapping in a zone switching procedure may be included. If SFID field isnot included, the FID for transport connection is newly set through adynamic service addition (AAI-DSA-REQ) message.

Tables 3 and 4 show part of information included in the ranging responsemessage and more information may be included according to circumstances.The advanced ranging response message may correspond to step S208 ofFIG. 2 or step S310 of FIG. 3.

The mapping result according to the rule of Table 2 may be transmittedto the MS in a state of being included in the ranging response messagein the form of Table 3 or 4. Thereafter, the MS applies SA to each flowaccording to the mapping result in exchange of data such as a MAC PDUwith the BS such that the service of the LZone is provided even in theMZone while appropriately maintaining security.

Although the SAIDs 0 and 1 are mapped according to the predeterminedrule and the BS explicitly informs the MS of the result of mapping theSAID 2 through the ranging response message in the above embodiment, allMSs are explicitly informed of the result of mapping the SAIDs 0 to 2.

SA Mapping Upon Zone Switching from MZone to LZone

Zone switching from the MZone to the LZone may be performed according todecision of the BS for the purpose of load balance. If the BS wishes toswitch the MS from the MZone to the LZone, the BS may transmit ahandover command message, in which a field indicating zone switching tothe LZone for triggering is set, to the MS through unsolicitedAAI-HO-CMD. The handover command message includes connection identifiers(CIDs), security parameters, capability information, etc., all of whichwill be used in the LZone.

Even in this case, it is necessary to map an SAID to a SFID upon zoneswitching again due to a difference in SA between the MZone and theLZone. In the present embodiment, SA mapping is implicitly performedaccording to a predetermined rule.

As an example of the rule for mapping an SA mapped to a FID of the MZoneto an SA of the LZone for implementing the present embodiment, themapping rule shown in Table 5 is proposed.

TABLE 5 FIDs in MZone SA in LZone Transport FID associated with PrimarySA using AES-CCM Primary SA (SAID = 0x01) FID associated with SAID =0x02 Primary SA using AES-CCM FID associated with Null SA Null SA using“No data encryption; (SAID = 0x00) no data authentication” Broadcast ormulticast transport Null SA using “No data encryption; FID no dataauthentication”

Referring to Table 5, a transport FID with an SAID of 1 and a FID withan SAID of 2 in the MZone are mapped to primary SA using AES-CCM in theLZone. A FID with null SA and a broadcast/multicast transport FID in theMZone have null SA even in the LZone.

The mapping result according to the rule of Table 5 may be implicitlyapplied to the MS and the BS upon zone switching. Thereafter, the MSapplies SA to each flow according to the mapping result in exchange ofdata such as a MAC PDU with the BS such that the service of the MZone isprovided even in the LZone while appropriately maintaining security.

The mapping result according to the above-described rule may beexplicitly transmitted in a state of being included in the rangingresponse (RNG-RSP) message transmitted from the LZone to the MS or thehandover command (AAI-HO-CMD) message for triggering zone switching inthe MZone in the form similar to Table 3 or 4. At this time, each FIDmapped to the SAID of AES-CTR may be indicated in a toggled format inthe bitmap of Table 3 or 4.

MS and BS Structure

Hereinafter, an MS and a BS (FBS or MBS) in which the above-describedembodiments of the present invention may be performed will be describedas another embodiment of the present invention.

The MS operates as a transmitter in uplink and operates as a receiver indownlink. The BS may operate as a receiver in uplink and operate as atransmitter in downlink. That is, each of the MS and the BS may includea transmitter and a receiver for transmission of information or data.

The transmitter and the receiver may include a processor, a module, aportion and/or means for performing the embodiments of the presentinvention. In particular, the transmitter and the receiver may include amodule (means) for encrypting a message, a module for decrypting anencrypted message, and an antenna for transmitting or receiving amessage. An example of the transmitter and the receiver will bedescribed with reference to FIG. 5.

FIG. 5 is a block diagram showing an example of the structure of atransmitter and a receiver according to another embodiment of thepresent invention.

Referring to FIG. 5, a left side shows the structure of the transmitterand a right side shows the structure of the receiver. The transmitterand the receiver may include antennas 5 and 10, processors 20 and 30,transmission (Tx) modules 40 and 50, reception (Rx) modules 60 and 70,and memories 80 and 90, respectively. These components may performcorresponding functions. Hereinafter, the components will be describedin more detail.

The antennas 5 and 10 serve to transmit signals generated by the Txmodules 40 and 50 to an external device and receive and send externalradio frequency signals to the Rx modules 60 and 70. The number ofantennas may be two or more if a Multi-Input Multi-Output (MIMO)function is supported.

The antenna, the Tx module and the Rx module may configure a radiofrequency (RF) module.

The processors 20 and 30 generally control the overall operations of themobile terminal. In particular, a controller function for performing theabove-described embodiments of the present invention, a MAC framevariable control function according to service characteristics andtransmission environment, a handover function and an authentication andencryption function may be performed. More specifically, the processors20 and 30 may perform overall control in order to perform handoverthrough zone switching shown in FIGS. 2 and 3.

In particular, the processor of the AMS may acquire the mapping resultaccording to the predetermined rule through the ranging response(AAI-RNG-RSP) message transmitted from the BS when performing zoneswitching from the LZone to the MZone. Thereafter, the processor of theMS may apply SA to each flow according to the mapping result in exchangeof data such as a MAC PDU with the BS such that the service of the LZoneis provided even in the MZone while appropriately maintaining security.

The processor of the MS may perform an overall control operation of theprocedure described in the above-described embodiments.

The Tx modules 40 and 50 perform coding and modulation with respect todata which is scheduled by the processors 20 and 30 and is transmittedto external devices and send the coded and modulated data to the antenna10.

The Rx modules 60 and 70 may perform decoding and demodulation withrespect to RF signals received from external devices through theantennas 5 and 10 and send the decoded and demodulated data to theprocessors 20 and 30 in the form of original data.

The memories 80 and 90 may store programs for processing and controllingthe processors 20 and 30 and perform a function for temporarily storinginput/output data. In addition, the memories 80 and 90 may include atleast one of storage mediums such as a flash memory type, hard disktype, multimedia card micro type and card type memory (e.g., an SD or XDmemory), a Random Access Memory (RAM), a Static Random Access Memory(SRAM), a Read-Only Memory (ROM), an Electrically Erasable ProgrammableRead-Only Memory (EEPROM), a Programmable Read-Only Memory (PROM), amagnetic memory, a magnetic disk, and an optical disc.

Meanwhile, the BS may perform a controller function for performing theabove-described embodiments of the present invention, OrthogonalFrequency Division Multiple Access (OFDMA) packet scheduling, TimeDivision Duplex (TDD) packet scheduling and a channel multiplexingfunction, an MAC frame variable control function according to servicecharacteristics and transmission environment, a high-speed trafficreal-time control function, a handover function, an authentication andencryption function, a packet modulation/demodulation function for datatransmission, a high-speed packet channel coding function and areal-time modem control function using at least one of theabove-described modules, or further include separate means, modules orportions for performing such functions.

It will be apparent to those skilled in the art that variousmodifications and variations can be made in the present inventionwithout departing from the spirit or scope of the invention. Thus, it isintended that the present invention cover the modifications andvariations of this invention provided they come within the scope of theappended claims and their equivalents. Moreover, it will be apparentthat some claims referring to specific claims may be combined withanother claims referring to the other claims other than the specificclaims to constitute the embodiment or add new claims by means ofamendment after the application is filed.

INDUSTRIAL APPLICABILITY

Although an example of applying an efficient zone switching procedureand an MS structure in a broadband radio access system to the IEEE802.16m system is described in the above description, the presentinvention is applicable to various mobile communication systems such as3GPP/3GPP2 in addition to the IEEE 802.xx system.

The invention claimed is:
 1. A method of performing zone switch at amobile station (MS) in a broadband radio access system, the methodcomprising: performing the zone switch from a first zone supporting alegacy mode of a base station (BS) to a second zone supporting anadvanced mode of the BS, wherein the performing the zone switch includesreceiving, from the second zone, a second message including securityassociation (SA) information, the SA information indicating at least onesecond zone service flow that is mapped to at least one second zone SA,and wherein the at least one second zone SA that is mapped to the atleast one second zone service flow is selected from a plurality ofavailable second zone SAs based on a type of a first zone connectionidentifier corresponding to the second zone service flow, the first zoneconnection identifier being used in the first zone before performing thezone switch.
 2. The method according to claim 1, wherein a plurality ofavailable first zone SAs corresponds to any one of an SAID 0 with nullSA and an SAID 1 for protecting confidentiality and integrity, andwherein the plurality of available second zone SAs corresponds to anyone of the SAID 0, the SAID 1 and an SAID 2 for protectingconfidentiality.
 3. The method according to claim 1, wherein the SAinformation includes a bitmap indicating that an identifier of thesecond zone service flow is mapped to an identifier of the second zoneSA.
 4. The method according to claim 1, further comprising mapping theselected at least one second zone SA to the first zone connectionidentifier according to a predetermined SA mapping rule, wherein thetype of the first zone connection identifier is one of a managementconnection, a broadcast connection, a multicast connection or a unicastconnection.
 5. The method according to claim 1, further comprising:receiving, from the first zone, a first message including zone switchinformation required for the zone switch, wherein the first zone is anLZone and the second zone is an MZone, the first message is aunsolicited ranging response (RNG-RSP) message transmitted from theLZone, and the second message is a ranging response (AAI-RNG-RSP)message transmitted from the MZone.
 6. A method of supporting zoneswitch of a mobile station (MS) at an advanced base station (ABS)supporting a legacy mode through a first zone in a broadband radioaccess system, the method comprising: transmitting, to the MS through asecond zone supporting an advanced mode of the ABS, a second messageincluding security association (SA) information, the SA informationindicating at least one second zone service flow that is mapped to atleast one second zone SA, wherein the at least one second zone SA thatis mapped to the at least one second zone service flow is selected froma plurality of available second zone SAs based on a type of a first zoneconnection identifier corresponding to the second zone service flow, thefirst zone connection identifier being used in the first zone before thezone switch is performed.
 7. The method according to claim 6, wherein aplurality of available first zone SAs corresponds to any one of an SAID0 with null SA and an SAID 1 for protecting confidentiality andintegrity, and wherein the plurality of available second zone SAscorresponds to any one of the SAID 0, the SAID 1 and an SAID 2 forprotecting confidentiality.
 8. The method according to claim 6, whereinthe SA information includes a bitmap indicating that an identifier ofthe second zone service flow is mapped to an identifier of the secondzone SA.
 9. The method according to claim 6, further comprising: mappingthe selected at least one second zone SA to the first zone connectionidentifier according to a predetermined SA mapping rule, wherein thetype of the first zone connection identifier is one of a managementconnection, a broadcast connection, a multicast connection or a unicastconnection.
 10. The method according to claim 6, further comprising:transmitting, to the MS through the first zone supporting, a firstmessage including zone switch information required for the zone switchof the MS from the first zone to the second zone, wherein the first zoneis an LZone and the second zone is an MZone, the first message is aunsolicited ranging response (RNG-RSP) message transmitted from theLZone, and the second message is a ranging response (AAI-RNG-RSP)message transmitted from the MZone.
 11. A mobile station (MS) forperforming zone switch in a broadband radio access system, the MScomprising: a processor configured to perform the zone switch from afirst zone supporting a legacy mode of a base station (BS) to a secondzone supporting an advanced mode of the BS; and a radio frequency (RF)module configured to transmit and receive an RF signal to and from anexternal device under control of the processor, wherein the processorcontrols the RF module to receive from the second zone, a second messageincluding security association (SA) information, the SA informationindicating at least one second zone service flow that is mapped to atleast one second zone SA, and wherein the at least one second zone SAthat is mapped to the at least one second zone service flow is selectedfrom a plurality of available second zone SAs based on a type of a firstzone connection identifier corresponding to the second zone serviceflow, the first zone connection identifier being used in the first zonebefore performing the zone switch.
 12. The MS according to claim 11,wherein a plurality of available first zone SAs corresponds to any oneof an SAID 0 with null SA and an SAID 1 for protecting confidentialityand integrity, and wherein the plurality of available second zone SAscorresponds to any one of the SAID 0, the SAID 1 and an SAID 2 forprotecting confidentiality.
 13. The MS according to claim 11, whereinthe SA information includes a bitmap indicating that an identifier ofthe second zone service flow is mapped to an identifier of the secondzone SA.
 14. The MS according to claim 11, wherein the processor isfurther configured to map the selected at least one second zone SA tothe first zone connection identifier according to a predetermined SAmapping rule, and wherein the type of a first zone connection identifieris one of a management connection, a broadcast connection, a multicastconnection or a unicast connection.
 15. The MS according to claim 11,wherein the processor controls the RF unit to receive, from the firstzone, a first message including zone switch information required for thezone switch, and wherein the first zone is an LZone and the second zoneis an MZone, the first message is a unsolicited ranging response(RNG-RSP) message transmitted from the LZone, and the second message isa ranging response (AAI-RNG-RSP) message transmitted from the MZone.